Kali Linux 2019.3 Release

We are pleased to announce that our third release of 2019, Kali Linux 2019.3, is available immediately for download. This release brings our kernel up to version 5.2.9, and includes various new features across the board with NetHunter, ARM and packages (plus the normal bugs fixes and updates).​

As promised in our roadmap blog post, there are both user facing and backend updates.

We are currently running the CloudFlare services side by side with our standard and community mirrors.​

If you notice the kali.download domain appearing on screen when you run apt update, this means you’re using CloudFlare’s services.​

Kali Status

We now have a status page – status.kali.org. This provides an overview of all public facing domains and allows you to check if they are responding correctly. We have included all the sites we control, as well as the community mirrors for the repositories, allowing you to see everything you could possibly use (even if you are unaware)!​

Note: Our load balancer on http.kali.org should automatically detect when a mirror is not responding and redirect you to one that is. As such, apt should always work (even if slow at times).​

Metapackages

We already announced the changes to metapackages in a previous blog post, and the Kali tool listing page goes into more detail on it. However, to recap, the default toolset going forward has changed. To help with this transition, for this release only (Kali 2019.3), there is a one-off, extra image called kali-linux-large-2019.3-amd64.iso, that contains all previous default tools.​

Going forward, during our release cycle, we will be evaluating which tools belong to each group:​

Kali-linux-default – tools we believe are essential to a penetration tester

Kali-linux-large – for penetration testers who have a wider set of non standard/common situations

Kali-linux-everything – for those who want it all (and without Internet access during the assessment)

​With the switchover to GitLab (read more here), we will soon begin accepting community package submissions. This means that anyone can directly submit improvements to us–anything from minor fixes and patches to complete tool packages is encouraged. We’re currently working through the documentation on how to create a package, making it easier for folks to get started and help out. More details to come later this year.

​We also noticed some packages failed to build on certain ARM architectures, which has now been fixed (allowing for more tools to be used on different platforms!).

Helper Scripts

There’s a wide range of tools in Kali. Some tools are designed to be used on Linux, some are designed for Windows (and we can still use them with WINE), and some are static resources. During our recent metapackage refresh, we took the time to create a few “helper scripts”.

You may have installed a package, gone ahead and typed in the package name to run it, and the response back was command not found. Not any more!

We understood it may not have been obvious how to use them straight away. As a result, all of our static resources should now be easy to find. Just type in the package name (Such as PayloadsAllTheThings, SecLists, WebShells and Wordlists to a name a few), you’ll see a brief description, a directory listing, and then be moved to the folder.​root@kali-dev:~# webshells> webshells ~ Collection of webshells/usr/share/webshells |–asp |–aspx |–cfm |–jsp |–perl |–phproot@kali-dev:/usr/share/webshells#

When it comes to Windows binaries (Such as hyperion, mimikatz, and windows-privesc-check), depending on their functionality, it will now either start up WINE or, like above, hotlink you to the location.​root@kali-dev:~# mimikatz> mimikatz ~ Uses admin rights on Windows to display passwords in plaintext/usr/share/windows-resources/mimikatz |—kiwi_passwords.yar |—mimicom.idl |—Win32 |—-mimidrv.sys |—-mimikatz.exe |—-mimilib.dll |—-mimilove.exe |—x64 |—-mimidrv.sys |—-mimikatz.exe |—-mimilib.dllroot@kali-dev:/usr/share/windows-resources/mimikatz#root@kali-dev:/usr/share/windows-resources/mimikatz# shellter​

On the subject of tool type, we have altered the location of packages related to Windows (which eagle eye readers may have spotted in the example above). These types of tools are now located in /usr/share/windows-resources/. For example, our windows binaries used to be in /usr/share/windows-binaries/, instead, they are in /usr/share/windows-resources/binaries/.We have done this to make it easier to discover what resources can be transferred over to a Windows platform and executed directly there. Using this new location as a root path (example: http python3 -m http.server, or samba impacket-smbserver toolz .), you can quickly share everything to the target/victim machine.)​

Tool Updates & New Packages

As always, we have our updates for all our tools, including (but not limited to):​

​There is a new tool (and it is included by default), amass, that has been well received in the bug bounty world.

GNOME Users

If you use the default Kali image, it is (currently) using GNOME for the desktop environment. If you used the command line for a period of time, chances are you noticed it was refreshing the repositories in the background. This has now been disabled.

“The quieter you become, the more you are able to hear”​

NetHunter Updates

The NetHunter crew has been adding in features left, right, and center to their project. One thing to note is package management is done through the F-Droid compatible NetHunter store, so you can even choose to have a NetHunter device without any Google Play.

​The proxmark3 client supports RDV4 out of the box and NetHunter now also works with Android’s new partition layouts (A/B partitions no longer have one boot partition and one recovery partition. They are all the same, but twice! A few paths have also changed, such as /system now actually being under /system/system), which allows it to be built for the latest generation of devices.

There are 4 additional images for you to try NetHunter on (some may look familiar, as they are back due to community demand):​

LG V20 International Edition

Nexus 5X

Nexus 10

OnePlus 7 (Our new flagship device!)

With this announcement, the OnePlus 7 is now the phone we recommend for Kali NetHunter. It is the latest and greatest flagship device for half the price of other devices. The specifications are as follows:

Snapdragon 855

8GB RAM

256GB storage

Still cheaper than Google pixel 3a (mid-range phone!) 😉

And here is a sneaky peak at the new boot animation, across all devices:

ARM Update

The RaspberryPi kernel has been bumped to version 4.19.66, which includes support for all of the RAM on 64-bit versions of the RaspberryPi 4. The RaspberryPi Zero W has seen improvements as well.

Bluetooth firmware that was accidentally dropped has been added back in, and the rc.local file has been fixed to properly stop dmesg spam from showing up on the first console.

All of the RaspberryPi images have had their /boot partition increased, which is required due to the size of the new kernel packages.

The ODROID-C2 has been bumped to the 3.16.72 for its kernel.

All images now run dpkg-reconfigure xfonts-base on their first boot – this will cause a bit of a slow down for the first boot, but the result is that if you use VNC to any of them, they will no longer show a blank screen.

On the WSL front, we have added WSL ARM64 support, which you can find in the Windows store today.​

Official Kali Linux LXD Container Image Released

LXD is a next generation system container manager. It offers a user experience similar to virtual machines but using Linux containers instead.

It is image based with pre-made images available for a wide number of Linux distributions and we are excited to announce that Kali Linux is now one of them. We are working on the documentation but would like to share the excellent article from Simos Xenitellis in which he details how to install and run Kismet in a LXD Kali container.​

Setup Notes

A couple of notes when installing Kali. If you choose to install Kali in a VM (rather than downloading our pre-made image), during the setup process, it should now detect if its running in VMware or VirtualBox and install the necessary packages to give you the best experience possible. However, if you have upgraded Kali rather than doing a fresh install, and never got around to installing these packages, the process has been automated by just running kali-setup. This program will have more functionally at a later date.​

If you use Kali in a VirtualBox, please ensure you allocate 32 MB or more video memory to the VM, otherwise you may now run into some “interesting” issues where the screen is frozen after login through the graphical greeter, as if the computer had crashed, except that it’s working (you could confirm it by switching to another virtual terminal). If you are affected by this problem, you might see the following message from the kernel: [drm] Error -12 pinnning new fb, out of video mem?.​

Download Kali Linux 2019.3

If you would like to check out the latest Kali release, you can find the download links for ISOs and Torrents on the Kali Downloads page along with links to the Offensive Security virtual machine and ARM images, which have also been updated to 2019.3. If you already have a Kali installation you’re happy with, you can easily upgrade in place as follows.​root@kali:~# apt update && apt -y full-upgrade

You should now be on Kali Linux 2019.3. We can do a quick check by doing:root@kali:~# grep VERSION /etc/os-releaseVERSION=”2019.3″VERSION_ID=”2019.3″VERSION_CODENAME=”kali-rolling”root@kali:~#root@kali:~# uname -v#1 SMP Debian 5.2.9-2kali1 (2019-08-22)root@kali:~#root@kali:~# uname -r5.2.0-kali2-amd64root@kali:~#

NOTE: The output of uname -r may be different depending on architecture.

​As always, should you come across any bugs in Kali, please submit a report on our bug tracker. We’ll never be able to fix what we don’t know about.